|
3301
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or …
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-42321
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3302
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset…
|
CWE-862
Missing Authorization
|
CVE-2026-44281
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3303
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's intern…
|
CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-36604
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3304
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that require…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-36605
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3305
|
7.1 |
HIGH
Local
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-36606
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3306
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to th…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-36607
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3307
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or local…
|
CWE-441
Confused Deputy
|
CVE-2026-36608
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3308
|
7.3 |
HIGH
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-bas…
|
CWE-327
CWE-341
Use of a Broken or Risky Cryptographic Algorithm
Predictable from Observable State
|
CVE-2026-36609
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3309
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-mid…
|
CWE-319
CWE-523
Cleartext Transmission of Sensitive Information
Unprotected Transport of Credentials
|
CVE-2026-36610
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3310
|
7.3 |
HIGH
Network
|
-
|
-
|
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory t…
|
CWE-200
Information Exposure
|
CVE-2026-36611
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
